Threat Intelligence Report
Report Date: 2026-04-16
This report summarizes exploited vulnerabilities, major emerging CVEs, campaign-related activity, and vendor concentration trends observed over the last 7 days.
Top KEVs
Most important exploited vulnerabilities added to the KEV catalog during the reporting window.
- CVE-2026-21643 – Fortinet FortiClient EMS | CVSS 9.8 | Ransomware Use: No
- CVE-2009-0238 – Microsoft Office | CVSS 8.8 | Ransomware Use: No
- CVE-2023-21529 – Microsoft Exchange Server | CVSS 8.8 | Ransomware Use: No
- CVE-2026-34621 – Adobe Acrobat and Reader | CVSS 8.6 | Ransomware Use: No
- CVE-2012-1854 – Microsoft Visual Basic for Applications (VBA) | CVSS 7.8 | Ransomware Use: No
- CVE-2025-60710 – Microsoft Windows | CVSS 7.8 | Ransomware Use: No
- CVE-2023-36424 – Microsoft Windows | CVSS 7.8 | Ransomware Use: No
Major CVEs
High-severity recent CVEs not yet represented in KEV but worth monitoring closely.
- CVE-2026-34987 – bytecodealliance | CVSS 9.0 (CRITICAL) | Published: 2026-04-09
Active Campaigns
Recent campaign-oriented activity and advisory content from selected threat and advisory sources.
- SANS ISC – ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)
- SANS ISC – [Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program &#&… - SANS ISC – ISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892, (Wed, Apr 15th)
- SANS ISC – Scanning for AI Models, (Tue, Apr 14th)
Starting March 10, 2026, my DShield sensor started getting probe for various AI models such as claude, openclaw, huggingface, etc. Reviewing the data already reported by other DShield sensors to ISC, the DShield database… - SANS ISC – Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening
Vendor-Specific Risks
Vendors showing the strongest concentration of exploited vulnerabilities, major CVEs, or campaign mentions.
- Microsoft – KEVs: 5, Major CVEs: 0, Campaign Mentions: 1
- Fortinet – KEVs: 1, Major CVEs: 0, Campaign Mentions: 0
- Adobe – KEVs: 1, Major CVEs: 0, Campaign Mentions: 0
- bytecodealliance – KEVs: 0, Major CVEs: 1, Campaign Mentions: 0